cbcvebase.

Typo3 Cms-Core vulnerabilities

98 known vulnerabilities affecting typo3/cms-core.

Total CVEs
98
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH26MEDIUM64LOW8

Vulnerabilities

Page 2 of 5
CVE-2022-23500P3HIGHCVSS 7.5≥ 9.0.0, < 9.5.38≥ 10.0.0, < 10.4.33+1 more2022-12-13
CVE-2022-23500 [HIGH] CWE-405 TYPO3 CMS vulnerable to Denial of Service in Page Error Handling TYPO3 CMS vulnerable to Denial of Service in Page Error Handling ### Problem Requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web
ghsaosv
CVE-2021-21339P3MEDIUM≥ 6.2.0, < 6.2.57≥ 7.0.0, < 7.6.51+4 more2021-03-23
CVE-2021-21339 [MEDIUM] CWE-312 Cleartext storage of session identifier Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 t
ghsaosv
CVE-2021-41113P3HIGHCVSS 8.8≥ 11.2.0, < 11.5.02021-10-05
CVE-2021-41113 [HIGH] CWE-309 Cross-Site-Request-Forgery in Backend Cross-Site-Request-Forgery in Backend > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C` (8.2) ### Problem It has been discovered that the new TYPO3 v11 feature that allows users to create and share [deep links in the backend user interface](https://typo3.org/article/typo3-version-112-escape-the-orbit#c12178) is vulnerable to cross-site-request-forgery. The impact is the same as described in [TY
ghsaosv
CVE-2021-21359P3MEDIUM≥ 10.0.0, < 10.4.14≥ 11.0.0, < 11.1.1+1 more2021-03-23
CVE-2021-21359 [MEDIUM] CWE-405 Denial of Service in Page Error Handling Denial of Service in Page Error Handling > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C` (5.5) > * CWE-405, CWE-674 > * Status: **DRAFT** ### Problem Requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recu
ghsaosv
CVE-2020-26228P3HIGH≥ 9.0.0, < 9.5.23≥ 10.0.0, < 10.4.10+1 more2020-11-23
CVE-2020-26228 [HIGH] CWE-312 Cleartext storage of session identifier Cleartext storage of session identifier User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. ### Credits
ghsaosv
CVE-2024-25121P3HIGH≥ 8.0.0, < 8.7.57≥ 9.0.0, < 9.5.46+4 more2024-02-13
CVE-2024-25121 [HIGH] CWE-200 TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler TYPO3 vulnerable to Improper Access Control Persisting File Abstraction Layer Entities via Data Handler ### Problem Entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage")
ghsaosv
CVE-2026-49742P3HIGH≥ 11.0.0, < 11.5.51≥ 12.0.0, < 12.4.46+2 more2026-06-12
CVE-2026-49742 [HIGH] CWE-200 TYPO3 CMS has Broken Access Control in its Media Module TYPO3 CMS has Broken Access Control in its Media Module ### Problem Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. ### Solution Update to TYPO3 versions 11.5.51 ELTS,
ghsa
CVE-2022-31050P3MEDIUM≥ 9.0.0, < 9.5.35≥ 10.0.0, < 10.4.29+1 more2022-06-17
CVE-2022-31050 [MEDIUM] CWE-613 Insufficient Session Expiration in TYPO3's Admin Tool Insufficient Session Expiration in TYPO3's Admin Tool > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C` (5.6) ### Problem Admin Tool sessions initiated via the TYPO3 backend user interface have not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolo
ghsaosv
CVE-2019-10912P3HIGH≥ 9.0.0, < 9.5.82020-02-12
CVE-2019-10912 [HIGH] CWE-502 Deserialization of untrusted data in Symfony Deserialization of untrusted data in Symfony In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to. This is related to symfony/cache and symfony/phpunit-bridge.
ghsaosv
CVE-2019-19848P3MEDIUM≥ 10.0.0, < 10.2.2≥ 8.0.0, < 8.7.30+1 more2022-05-24
CVE-2019-19848 [MEDIUM] CWE-22 TYPO3 Directory Traversal on ZIP extraction TYPO3 Directory Traversal on ZIP extraction An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
ghsaosv
CVE-2019-19850P3MEDIUM≥ 8.0, < 8.7.30≥ 9.0, < 9.5.12+1 more2022-05-24
CVE-2019-19850 [MEDIUM] TYPO3 SQL Injection in low-level Query Generator TYPO3 SQL Injection in low-level Query Generator An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
ghsaosv
CVE-2020-11069P3HIGH≥ 9.0.0, < 9.5.17≥ 10.0.0, < 10.4.22020-05-13
CVE-2020-11069 [HIGH] CWE-346 Backend Same-Site Request Forgery in TYPO3 CMS Backend Same-Site Request Forgery in TYPO3 CMS > ### Meta > * CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C > * CWE-352 > * CWE-346 ### Problem It has been discovered that backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are t
ghsaosv
CVE-2024-25118P3MEDIUM≥ 8.0.0, < 8.7.57≥ 9.0.0, < 9.5.46+4 more2024-02-13
CVE-2024-25118 [MEDIUM] CWE-200 TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords TYPO3 Backend Forms vulnerable to Information Disclosure of Hashed Passwords ### Problem Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. ### Solution Update to TYPO3 versions 8.7.57 ELTS,
ghsaosv
CVE-2022-23501P3MEDIUM≥ 0, < 8.7.49≥ 9.0.0, < 9.5.38+3 more2022-12-13
CVE-2022-23501 [MEDIUM] CWE-287 TYPO3 CMS vulnerable to Weak Authentication in Frontend Login TYPO3 CMS vulnerable to Weak Authentication in Frontend Login ### Problem Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. ### Solution Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS,
ghsaosv
CVE-2008-2717P3MEDIUM≥ 4.0.0, < 4.0.9≥ 4.1.0, < 4.1.7+1 more2022-05-01
CVE-2008-2717 [MEDIUM] CWE-434 TYPO3 Unrestricted File Upload vulnerability TYPO3 Unrestricted File Upload vulnerability TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
ghsaosv
CVE-2021-32767P3MEDIUM≥ 7.0.0, < 7.6.52≥ 8.0.0, < 8.7.41+3 more2021-07-26
CVE-2021-32767 [MEDIUM] CWE-532 Information Disclosure in User Authentication Information Disclosure in User Authentication > ### Meta > * CVSS: `AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that user credentials have been logged as plaintext when explicitly using log level debug, which is not the _default_ configuration. ### Solution Update to TYPO3 versions 7.6.52 ELTS, 8.7.41 ELTS, 9.5.28, 10.4.18, 11.3.1 that fix the problem described. ### C
ghsaosv
CVE-2022-31047P3MEDIUM≥ 7.0.0, < 7.6.57≥ 8.0.0, < 8.7.47+3 more2022-06-17
CVE-2022-31047 [MEDIUM] CWE-209 Insertion of Sensitive Information into Log File in typo3/cms-core Insertion of Sensitive Information into Log File in typo3/cms-core > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9) ### Problem It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace. ### Solution Update to TYPO3 versions
ghsaosv
CVE-2026-49740P3MEDIUM≥ 0, < 10.4.57≥ 11.0.0, < 11.5.51+3 more2026-06-12
CVE-2026-49740 [MEDIUM] CWE-502 TYPO3 CMS has Insecure Deserialization via Core API TYPO3 CMS has Insecure Deserialization via Core API ### Problem TYPO3's cache frontend (`VariableFrontend`) and persistent key-value store (`Registry`) deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend (cache store or sys_registry database table) could inject a crafted serialized payload to trigger PHP Object Injection, p
ghsa
CVE-2026-47352P3MEDIUM≥ 0, < 10.4.57≥ 11.0.0, < 11.5.51+3 more2026-06-12
CVE-2026-47352 [MEDIUM] CWE-862 TYPO3 CMS has Broken Access Control in Backend API TYPO3 CMS has Broken Access Control in Backend API ### Problem Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. ### Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. ### Credits
ghsa
CVE-2026-47349P3MEDIUM≥ 0, < 10.4.57≥ 11.0.0, < 11.5.51+3 more2026-06-12
CVE-2026-47349 [MEDIUM] CWE-862 TYPO3 CMS has Broken Access Control in the Recycler Module TYPO3 CMS has Broken Access Control in the Recycler Module ### Problem Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. ### Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, 14.3.3 LTS that fix the problem described. ### Credits TYPO3 CMS thanks Hyunseo Shin for rep
ghsa
Typo3 Cms-Core vulnerabilities | cvebase